Kevin and James just finished recording episode 2 of the Professionally Evil Perspective podcast. The episode opens with a brief discussion from Kevin about his experience at RSA, and then we turn to the topic of passwords. Although we are now into 2013, passwords are still a very hot topic, as seen in the most recent breach, in which Evernote reported that its user information was accessed.
This episode goes into some helpful tips for both end users and application developers regarding password use and storage. We also talk briefly about an idea that Troy Hunt mentioned on his blog about requiring companies to identify their password storage techniques on their login forms.
Correction: During the podcast, there was a reference to the FTC forcing Twitter to have penetration tests performed by a third party twice a year for the next ten years. This was incorrect: the FTC is requiring a security audit every two years for the next ten years. We apologize for the inaccuracy.